Congress shall make no law respecting an establishment
of religion,
or prohibiting the free exercise thereof; or abridging the freedom
of speech, or of the press; or the right of the people peaceably
to assemble, and to petition the Government for a redress of
grievances.

Sen. Dan Coats (R-Indiana) was the main Republican sponsor of CDA-I.
He has filed a bill, S.1482
[1], that would punish commercial
distributors of material deemed "harmful to minors" with six months in
jail and a $50,000 fine. Unlike CDA-I, this proposed statute applies
only to Web sites. The ACLU, which won in the fight against CDA-I,
says
[2] the the new bill is clearly out of bounds: it has serious
constitutional problems with its definition of "harmful to minors,"
and does not make any distinction between material that may be, for
example, harmful to a six-year-old but valuable for a 16-year-old.
The bill does not pin down which community's standards are to be
applied in determining whether material is harmful to minors, but
rather imposes on the FCC and the Department of Justice the task of
explaining what material would infringe the law. The Supreme Court
struggled in vain for years to arrive at a national definition of
the term "obscenity"; "harmful to minors" is obscenity lite and will
prove even more difficult to define. Third, the proposed law could
apply to online bookstores such as amazon.com and to ISPs --
publishers and carriers who do not originate such material. CDA-I explicitly
exempted carriers such as ISPs from culpability under that law, and
a court has upheld
[2a]
the common carrier nature of ISPs.
Finally, the Coats bill would require sites with material "harmful to minors"
to take a credit card for age verification. The Supreme Court's majority
opinion overturning CDA-I specifically rejected the government's advancement
of this proposed tactic.

When Sun chided and then sued Microsoft for failing to honor its
Java licensing agreement, Microsoft pointed out that Sun chooses to
ignore the failings of other companies -- particularly Netscape --
to live up to their own contracts. Indeed Netscape has been out of
compliance since it failed to deliver a Java Virtual Machine based
on Sun's JDK version 1.1
[3],
which has been shipping since February.
The contract stipulates that Netscape must complete updating its
Java implementations within a stated period after a new JDK ships.
(How long that period is is not public knowledge; I would guess at
6 months.) Netscape has assured Sun that it plans to come into
compliance, with Communicator version 5 in the first half of 1998, and
meanwhile Netscape on its own initiative has removed the familiar
"steaming cup" Java logo from the About page of Communicator 4.04.
Netscape notes that its products are fully compliant with JDK 1.0.2,
and that the contract does not require them to remove the logo.

Lately it seems that Intel, Microsoft, and Cyrix are fighting more bugs than the Starship Troopers

See last week's TBTF [4] for background on these recently surfaced
security issues.

Pentium "f00f" bug --
Intel has developed a software workaround
[5] that must now be
incorporated into each operating system that runs on Pentium
hardware -- there are probably a few dozen of these. Each OS
vendor must rigorously test the fix for its impacts on
stability and performance. A vendor whose user base is not all
running on the current OS version may need to implement the fix
multiple times. Several hundred million users will have to
obtain the fix to their OS and install it; many, unlucky, users
will have to upgrade their OS version at the same time. Linux
was first out of the chute with a f00f fix, introducing patch
2.0.32, which traps the offending op codes before they get
to the CPU, before Intel had announced its workaround. The linux
fix is available at
[6a]
(patch) and
[6b]
(full source). BSDI is
testing a fix. Microsoft says it is "in the process of studying
the implementation of potential workarounds."

Eugene Kashpureff, who hijacked the InterNIC's Web traffic to his own site
as a protest against domain naming policy
[10],
[11],
has been arrested by Royal Canadian Mounted Police and is
expected to be deported to the US to face charges of wire fraud and
computer fraud
[12],
[13].
The FBI issued a warrent for Kashpureff's
arrest on 9/12, located him in Toronto late last month, and
requested the cooperation of the RCMP in his apprehension.

A neighboring island of Tonga
[14] has set up in the business of
providing domain names to all comers. Niue (pronounced "new-way"),
population 2000, has made an arrangement with some enterprising
Americans for the privilege of parcelling out .nu domain names
[15].
Visit the registry
[16] to see it your favorite has already been
claimed. (No, you can't have whats.nu, it was among the first to
go.) The interesting thing about Niue's entry into the registry
fray is that it is the first to break the $50/year price point --
Niue charges $25 per year.

You can't have avoided hearing about the Appraising Microsoft Conference
[17],
[18] held in Washington, D.C. last week an
hosted by consumer gadfly Ralph Nader. Nader called Microsoft
"uniquely ruthless"; one of the participants dubbed the company
"the great white shark of the software business: no conscience,
no reticence, just endless appetite." Microsoft executives had
been invited but (sensibly) declined to attend. COO Bob Herbold
sent a public letter
[19] to Nader enumerating the ways in which
the deck had been stacked against Microsoft.

Steve Kremer <steve at jokewallpaper.com> thought to call Nader's
office to find out what kind of computer the conference instigator
uses. Answer: apparently, he doesn't use one at all. Kremer
summarized thus on the fight-censorship mailing list:

So when you read the stories coming out of Washington D.C.
about Nader taking Microsoft to task, remember it's being
headlined by someone who has probably never had their hand
on a mouse except maybe to take a dead one out of an OSHA-
approved trap.

Microsoft's partners are not all uniformly happy with the
colossus, though they are understandibly reluctant to speak up in
public. Allan Hurst <allanh at spectrum.us.com> sends this anonymous
account of exchanges between a Microsoft representative and an
attendee at a Northern California Microsoft revival meeting -- er, I mean
reseller briefing:

Attendee: "Is it true that NT 5.0 has 27 million lines of
code?"
Microsoft: "Why do you want to know?"
Microsoft: "So, as you can see, Small Business Server is a
mission-critical product from Microsoft, and
is our Big Product Introduction for 4Q97. Does
anybody know what will be the Big Product In-
troduction for 1Q98?"
Attendee: (shouting) "Yes! Service Pack 1 for Small
Business Server!"
(The "correct" answer, incidentally, turned out to be "NT 5.0".)

One group that is unwaveringly in Microsoft's corner is its
shareholders. Those who have stuck with the company's stock over the last
year have doubled their money. At the annual meeting, after the
speech in which Bill Gates called the Nader conference a "witch
hunt," the attendees gave him a standing ovation.

Helping system administrators find the source of DoS attacks more quickly

MCI has released a must-have tool for system administrators: the
Denial of Service Tracker
[20]. This security program simplifies the
process of tracing DoS attacks, which aim to overload a target
com-puter system to the point that it's unusable for anything else. The
program works against SYN flood
[21],
ping flood [22],
bandwidth saturation, and concentrated source attacks. Other DoS-based attacks
are being added.

The original church, stripped of $340M, can't hide behind new corporate shells

A Federal judge has issued a definitive ruling that clears the way
for hundreds of lawsuits to go forward against the self-declared
religious organization, and in addition calls into question its
tax-exempt status
[23]. When faced with paying a $6M judgement to a
creditor, the Church of Scientology of California dissolved itself
and transferred its assets to two new organizations called the
Church of Scientology International and the Religious Technology
Center. The judge ruled that the new Scientology corporations are
merely shells controlled by and identical to the disbanded mother
church so their assets are subject to court judgements against the
original institution.

Why am I writing about Scientology, new readers may wonder? The CoS
has worked aggresively, using channels legal and dirty, to stifle
free speech on the Internet and may have been responsible for
shutting down a long-running anonymous remailer, anon.penet.fi
[24],
[25].

After 15 months at Slate, Michael Kinsley reflects on what the publication has learned

This 2-week-old c|net story
[27]
recounts a letter that Slate's
editor posted on the Microsoft site. The letter itself
[27a] took some searching --
after all, 5 months have passed in Internet time -- but was located thanks
to the good graces of Anita Rowland <a-anitar at microsoft dot com>.
Kinsley has learned that writing on the Web, delivered quickly and with much
less editing, tends to be less formal than that of print
publications. Do tell. He adds that as the online magazine continues to
evolve, features will be "collections of very small, easy-to-digest
morsels that still add up to a substantial meal." Sounds like Tasty
Bits to me.